Here is a list of the passwords (courtesy of The Wundercounter)
So, if you currently use passwords which resemble any of those listed, I would encourage you to change them as soon as possible.
If you're lazy to hack, get all the news here!
Security researchers Karsten Nohl and Chris Paget presented their findings in a presentation (WMV video) Monday at the 26th Chaos Communication Congress (CCC) in Berlin. A practical demonstration of the vulnerabilities and potential exploits is scheduled to take place at the conference on Wednesday at 12:00 GMT.
The demonstration is a follow-up to a presentation the two researchers made in August at the Hacking At Random conference, during which they outlined serious flaws in the GSM encryption scheme.
GSM is used in approximately 80 percent of the world's mobile communications systems, and in about 3 billion cell phones across the globe, according to industry estimates. In his CCC presentation yesterday, Nohl pointed out that much data has already been published about GSM's vulnerabilities, but the pair's new research takes it one step further -- by showing how GSM calls can be intercepted and decoded using relatively low-cost hardware and open-source software that is readily available on the Web.
Organizations should assume that within six months of the demo GSM phone calls will be at risk, says Stan Schatt, vice president and practice director for healthcare and security at ABI Research.
For full report, read here.
When users go to these sites for these happy holiday thoughts – they are instead instantly greeted by having files downloaded to their computers. And voila – a lovely “gift” is attempting to execute upon them. The gift of holiday identity theft!"
Facebook has now blocked the URL to the malicious site, fb.59.to.
On Thursday, an unknown attacker hijacked Twitter's domain name and redirected visitors to an unrelated site hosting a page claiming Twitter had been hacked by the "Iranian Cyber Army." Evidence indicates, however, that the attackers were able to change the domain-name system (DNS) entries at Twitter's provider, Dyn Inc., said Rod Rasmussen, president and CEO of Internet Identity, an infrastructure security firm which monitors DNS changes.
"First of all the name servers themselves didn't change, so someone was updating things at the provider," Rasmussen said. Because other clients were not showing signs of DNS hijacking, it's unlikely that Dyn itself had been breached, Rasmussen said. "We didn't see anything else at Dyn that indicated signs of that the service had been compromised."
On Friday, Dyn confirmed that the attacker had the proper credentials to log into Twitter's account with the company and change the addressed assigned to various hosts in the Twitter.com domain. While some media reports have called the attack a hack or a defacement against the site, neither term applies, said Kyle York, vice president of sales and marketing for the firm.
"From our point of view, no unauthenticated users logged into the system," York said.
Adobe PDF Reader - Zero Day attack circulating
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://www.avertlabs.com/research/blog/index.php/2009/12/16/another-adobe-reader-zero-day-take-care/
QUOTE: Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available
HOW TO DISABLE JAVASCRIPT IN ADOBE READER:
Customers can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the 'Enable Acrobat JavaScript' option
5. Click OK
In reality, the company's domain name had been hijacked by the vandals and visitors redirected to an unrelated site hosting the page. Passive domain-name service (DNS) records showed the DNS poisoning, as Twitter's record pointed first to two domains registered in Moldova and then to a domain registered to an undisclosed person in Pompano Beach, Florida, according to information posted by the SANS Internet Storm Center.
Twitter acknowledged the issue late last night, following earlier media reports.
Defacement was claimed to be done by the "Iranian Cyber Army," but another message -- translated from Farsi by Google's automated translation engine -- reportedly claimed the attack was motivated by the U.S. and Twitter's interference in "my country," suggesting the attacker was an individual.